-3

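I'm a newbie, and I'm hitting an error on line 26 of my code. I can't figure out what is causing it, and it is preventing me from sending SMS messages. Any help would be appreciated.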

        <?php
        $gw_host="10.0.0.9";
     $value=$_POST['value'];
     urlencode($message)=$_POST['message'];
     $con = mysql_connect("localhost","db_host","xxxxxx");

         if (!$con)
         {
         die('Could not connect: ' . mysql_error());
         }

         mysql_select_db("aic_sms", $con);

     $result = mysql_query("SELECT phn_number FROM users WHERE message=$value");
     if($result){
     while($row = mysql_fetch_array($result)) {
         function sendSmsMessage($phn_number, $message)
        {
            $ch= curl_init();
        curl_setopt($ch, "http://10.0.0.15/process_sms/sendsms.php?recipient=$phn_number&msg=" . urlencode($message));
        curl_exec($ch);
        curl_close($ch);

           }
       }
    else {
       echo mysql_error();
   }
   }

   echo 'Message sent successfully';    



      mysql_close($con);
      ?>
4

1 Answer

0

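OK, first of all you have a function inside a loop, which will cause the function to be defined twice and then kill your script. You define functions once and then use the function name to execute the code in the function. Also, your actual curl function usage will not work, as you are not setting the correct options.

Also, you should use prepared queries for your SQL statements, because in your current script you are vulnerable to SQL injection: a malicious person could post `someval OR 1=1`, which would cause MySQL to return everything, as 1=1 is true.

Here is how you should go about it and build on it. Hope it helps.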

    <?php
    if($_SERVER['REQUEST_METHOD']=='POST' && !empty($_POST['value']) && !empty($_POST['message'])){

        $value  = $_POST['value'];
        $message= $_POST['message'];
        $result = array(); // gateway response per phone number

        try {
            $dbh = new PDO("mysql:host=localhost;dbname=aic_sms", 'username', 'password');
            // Throw PDOException on query errors so the catch block below sees them
            $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            $stmt = $dbh->prepare("SELECT phn_number FROM users WHERE message=:message");

            /*** bind the parameters ***/
            $stmt->bindParam(':message', $value, PDO::PARAM_STR);

            /*** execute the prepared statement ***/
            $stmt->execute();

            /*** fetch the results ***/
            while($row = $stmt->fetch())
            {
                $result[$row['phn_number']] = sendSmsMessage($row['phn_number'], $message);
            }
            //perhaps do something with the $result array
            echo 'Messages sent successfully';
        }
        catch(PDOException $e)
        {
            die($e->getMessage());
        }
    }else{
        //Show form or whatever
    }


    // Defined once, outside the loop; returns the gateway's response body
    function sendSmsMessage($phn_number, $message){
        $curl = curl_init();
        // Both query-string values are URL-encoded before being sent to the gateway
        curl_setopt($curl, CURLOPT_URL, "http://10.0.0.15/process_sms/sendsms.php?recipient=" . urlencode($phn_number) . "&msg=" . urlencode($message));
        curl_setopt($curl, CURLOPT_HEADER, 0);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($curl, CURLOPT_TIMEOUT, 30);

        $html = curl_exec($curl);
        curl_close($curl);

        return $html;
    }
    ?>
answered 2012-06-11T08:16:53.740
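The difference between the question's concatenated query and the answer's prepared statement, as an added example that is not part of the original question or answer. It assumes the `pdo_sqlite` extension and uses an in-memory SQLite database in place of the MySQL server; the table rows, the posted values and the function names `lookupConcatenated` and `lookupPrepared` are constructed for illustration.

```php
<?php
// Added example. Table contents and the posted values are constructed.
// Assumes the pdo_sqlite extension; SQLite stands in for the MySQL server.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (phn_number TEXT, message TEXT)');
$dbh->exec("INSERT INTO users VALUES
    ('0700000001', 'group_a'),
    ('0700000002', 'group_b'),
    ('0700000003', 'group_c')");

// Concatenation, as in the question: the posted value becomes part of the SQL.
function lookupConcatenated(PDO $dbh, string $value): array
{
    $sql = "SELECT phn_number FROM users WHERE message=$value";
    return $dbh->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter, as in the answer: the posted value is only compared as data.
function lookupPrepared(PDO $dbh, string $value): array
{
    $stmt = $dbh->prepare('SELECT phn_number FROM users WHERE message = :message');
    $stmt->bindValue(':message', $value, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-ins for $_POST['value']
$inputs = array(
    'expected value'       => "'group_a'",
    'value with OR clause' => "'group_a' OR 1=1",
);
foreach ($inputs as $label => $posted) {
    printf("%s: concatenated=%d rows, prepared=%d rows\n", $label,
        count(lookupConcatenated($dbh, $posted)),
        count(lookupPrepared($dbh, $posted)));
}
// The prepared lookup takes the bare value, without SQL quoting.
printf("prepared with group_a: %d rows\n", count(lookupPrepared($dbh, 'group_a')));
```

With the concatenated query the second input selects every phone number in the table, so every user would be sent the SMS; the prepared query matches only rows whose `message` column equals the posted string exactly.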